2017-09-07 Richard Russon <rich@flatcap.org>
* Contrib
- Add guix build support
* Bug Fixes
- Only match real mailboxes when looking for new mail
- Fix the printing of ncurses version in -v output
- Bind editor \<delete\> to delete-char
- Fix overflowing colours
- Fix empty In-Reply-To generation
- Trim trailing slash from completed dirs
- Add guix-neomutt.scm
- Fix setting custom query_type in notmuch query
* Website
- New technical documentation LINK
- Improve Gentoo distro page
* Build
- Better curses identification
- Use the system's wchar_t support
- Use the system's md5 tool (or equivalent)
- Clean up configure.ac
- Teach gen-map-doc about the new opcode header
* Source
- Rename functions (snake_case)
- Rename constants/defines (UPPER_CASE)
- Create library of shared functions
- Much tidying
- Rename globals to match user config
- Drop unnecessary functions/macros
- Use a standard list implementation
- Coverity fixes
- Use explicit NUL for string terminators
- Drop OPS\* in favour of opcodes.h
* Upstream
- Fix menu color calls to occur before positioning the cursor
- When guessing an attachment type, don't allow text/plain if there is a null character
- Add $imap_poll_timeout to allow mailbox polling to time out
- Handle error if REGCOMP in pager fails when resizing
- Change recvattach to allow nested encryption
- Fix attachment check_traditional and extract_keys operations
- Add edit-content-type helper and warning for decrypted attachments
- Add option to run command to query attachment mime type
- Add warning about using inline pgp with format=flowed
+ $ssl_verify_partial_chains permits verifying partial certificate chains.
This allows the storage of only intermediate/host certificates in the
$certificate_file. (OpenSSL 1.0.2b and newer only)
! SNI support added for OpenSSL and GnuTLS.
+ Choice and confirmation prompts can now wrap across multiple lines.
+ Window resizes are handled while in the line editor.
+ "color compose" can color the compose menu header fields and the
security status. See "Using Color and Mono Video Attributes" in the
manual for more details.
+ Setting $header_color_partial allows partial coloring of headers in the
pager. This can be used to color just the header labels, or strings
inside the headers. hdrdefault controls the color of the unmatched part.
+ When $history_remove_dups is set, duplicates in the history ring will
be scanned and removed each time a new entry is added.
! IMAP header downloading was improved to support out-of-order and
missing MSN entries.
! $message_cache_clean should be faster for large mailboxes.
+ Self-encryption can be enabled using the $pgp_self_encrypt,
$pgp_self_encrypt_as, $smime_self_encrypt, and $smime_self_encrypt_as
options.
! $postpone_encrypt now will use the $pgp_self_encrypt_as or
$smime_self_encrypt_as option values first. $postpone_encrypt_as will
be checked second, but should be considered deprecated.
+ $forward_attribution_intro and $forward_attribution_trailer can be used
to customize the message preceding and following a forwarded message.
+ The ~<() and ~>() pattern operators match messages whose immediate parent,
or immediate children respectively, match the subpattern inside ().
They are more specific versions of the ~() pattern operator.
+ $imap_poll_timeout allow IMAP mailbox polling to time out. This defaults
to 15 seconds.
+ The attachment menu now supports nested encryption. This allows
attachments in nested encrypted messages to be saved or operated on.
+ $mime_type_query_command specifies a command to run to determine
a new attachment's mime type. When $mime_type_query_first is set,
this command will be run before looking at the mime.types file.
Changelog v0.4.20:
+ Made the retention period for redirect duplicate identifiers
configurable. For accounts that perform many redirects, the lda-dupes
database could grow to impractical sizes. Changed the default
retention period from 24 to 12 hours.
- sieve-filter: Fixed memory leak: forgot to clean up script binary at
end of execution. Normally, this would merely be an inconsequential
memory leak. However, when the script comes from an LDAP storage, this
would cause io leak warnings.
- managesieve-login: Fixed handling of AUTHENTICATE command. A second
authenticate command would be parsed wrong. This problem was caused by
changes in the previous release.
- LDA Sieve plugin: Fixed minor memory leak caused by not cleaning up
the sieve_discard script.
msmtp provides MacOS X Keychain support by using the configuration
option `--with-macosx-keyring`. With this setting enabled passwords
for msmtp can be stored in the MacOS X keychain.
From Thomas Merkel in NetBSD/pkgsrc#14
There are various changes in this release that can be used to significantly reduce disk IO with:
1) NFS storage especially, but I guess also other remote filesystems and even some with local disks
2) When mail storage and INDEX storage are separated
* imapc: Info-level line is logged every time when successfully
connected to the remote server. This includes local/remote IP/port,
which can be useful for matching against external logs.
* config: Log a warning if plugin { key=no } is used explicitly.
v2.3 will support "no" properly in plugin settings, but for now
any value at all for a boolean plugin setting is treated as "yes",
even if it's written as explicit "no". This change will now warn
that it most likely won't work as intended.
+ Various optimizations to avoid accessing files/directories when it's
not necessary. Especially avoid accessing mail root directories when
INDEX directories point to a different filesystem.
+ mail_location can now include ITERINDEX parameter. This tells Dovecot
to perform mailbox listing from the INDEX path instead of from the
mail root path. It's mainly useful when the INDEX storage is on a
faster storage.
+ mail_location can now include VOLATILEDIR=<path> parameter. This
is used for creating lock files and in future potentially other
files that don't need to exist permanently. The path could point to
tmpfs for example. This is especially useful to avoid creating lock
files to NFS or other remote filesystems. For example:
mail_location=sdbox:~/sdbox:VOLATILEDIR=/tmp/volatile/%2.256Nu/%u
+ mail_location's LISTINDEX=<path> can now contain a full path.
This allows storing mailbox list index to a different storage
than the rest of the indexes, for example to tmpfs.
+ mail_location can now include NO-NOSELECT parameter. This
automatically deletes any \NoSelect mailboxes that have no children.
These mailboxes are sometimes confusing to users.
+ mail_location can now include BROKENCHAR=<char> parameter. This can
be useful with imapc to access mailbox names that aren't valid mUTF-7
charset from remote servers.
+ If mailbox_list_index_very_dirty_syncs=yes, the list index is no
longer refreshed against filesystem when listing mailboxes. This
allows the mailbox listing to be done entirely by only reading the
mailbox list index.
+ Added mailbox_list_index_include_inbox setting to control whether
INBOX's STATUS information should be cached in the mailbox list
index. The default is "no", but it may be useful to change it to
"yes", especially if LISTINDEX points to tmpfs.
+ userdb can return chdir=<path>, which override mail_home for the
chdir location. This can be useful to avoid accessing home directory
on login.
+ userdb can return postlogin=<socket> to specify per-user imap/pop3
postlogin socket path.
+ cassandra: Add support for result paging by adding page_size=<n>
parameter to the connect setting.
+ dsync/imapc, pop3-migration plugin: Strip also trailing tabs from
headers when matching mails. This helps with migrations from Zimbra.
+ imap_logout_format supports now %{appended} and %{autoexpunged}
+ virtual plugin: Optimize IDLE to use mailbox list index for finding
out when something has changed.
+ Added apparmor plugin. See https://wiki2.dovecot.org/Plugins/Apparmor
- virtual plugin: A lot of fixes. In many cases it was also working
very inefficiently or even incorrectly.
- imap: NOTIFY parameter parsing was incorrectly "fixed" in v2.2.31.
It was actually (mostly) working in previous versions, but broken
in v2.2.31.
- Modseq tracking didn't always work correctly. This could have caused
imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to
not work perfectly.
- mdbox: "Inconsistency in map index" wasn't fixed automatically
- dict-ldap: %variable values used in the LDAP filter weren't escaped.
- quota=count: quota_warning = -storage=.. was never executed (try 2).
v2.2.31 fixed it for -messages, but not for -storage.
- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent
FETCHes, but weren't.
- quota-status service didn't support recipient_delimiter
- acl: Don't access dovecot-acl-list files with acl_globals_only=yes
- mail_location: If INDEX dir is set, mailbox deletion deletes its
childrens' indexes. For example if "box" is deleted, "box/child"
index directory was deleted as well (but mails were preserved).
- director: v2.2.31 caused rapid reconnection loops to directors
that were down.
Changelog:
Fixed
Unwanted inline images shown in rogue SPAM messages
Fixed
Deleting message from the POP3 server not working when maildir storage was used
Fixed
Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later
Fixed
Inline images not scaled to fit when printing
Fixed
Selected text from another message sometimes included in a reply
Fixed
No authorisation prompt displayed when inserting image into email body although image URL requires authentication
Fixed
Large attachments taking a long time to open under some circumstances
Fixed
Various security fixes
This project uses a Perl-style Configure script that can use a
custom config.sh to provide default answers to questions that it
asks as part of the configuration process. Modify the custom
${FILESDIR}/config.sh to allow substituting for @PKGMANDIR@ in the
default location for unformatted manpages.
Upstream changes:
1.021 2017-08-02 19:35:56-04:00 America/New_York
- reject non-ASCII and control characters in strict mode (thanks, Pali
Roh獺r)
1.020 2017-07-25 12:39:31-04:00 America/New_York
- unbreak Email::MIME (which violates encapsulation (again))
- eliminate some @_ / $_ confusion
1.019 2017-07-06 16:06:19-04:00 America/New_York (TRIAL RELEASE)
- better parsing all around, thanks to Pali Roh獺r:
- support for RFC 2231 (character set and parameter continuations)
- support for RFC 2822 comments
- we only Carp if header-parsing fails now
- we're more lenient in dealing with spaces around tokens
ytnef, programs that use libytnef to parse and handle Microsoft TNEF
attachments.
These are the programs that come with the same distfile as libytnef
and are from the same author.
The changes in patch-ytnef.c has been applied upstream.
patch-ytnef.c has now been removed.
Changes from Changelog:
v1.9.2 - February 23, 2017
Thanks to @hannob for finding some Out-of-bound exceptions in memory handline.
* [SECURITY] An invalid memory access (heap overrun) in handling LONG datatypes (CVE-2017-6800)
* [SECURITY] Missing a check for fields of size 0 (CVE-2017-6801)
* [SECURITY] Potential buffer overrun on incoming Compressed RTF Streams (CVE-2017-6802)
This version & the previous 1.9.1 resolves the following CVEs:
* CVE-2017-6306
* CVE-2017-6305
* CVE-2017-6304
* CVE-2017-6303
* CVE-2017-6302
* CVE-2017-6301
* CVE-2017-6300
* CVE-2017-6299
* CVE-2017-6298
v1.9.1 - Feb 14, 2017
* BugFix for path handling- label both / and \ as invalid characters inattachments
* Remove lots of exit(-1)'s from the code that would crash calling programs
* [SECURITY] Thanks to EricSesterhennX41 for a patch to fix lots of invalid
memory allocation around corrupted files.
v1.9 - January 2, 2017
* Unify libytnef and ytnef tools into a single build & package (Thanks @jmallach)
* Fix applied for CVE-2010-5109
* Various fixes for errors found via Static Analysis (cppcheck)
* Various memory leaks plugged (Thanks @slonik-v-domene)
* Bugfix for a broken "uniqueness" checker
* Lots of formatting & documentation cleanups
Now that the two packages are unified into a single install & build, I've had
to choose a unifier of Version Numbers. I chose 1.9 .
Enigmail 1.9.8
Released 2017-06-30, works with Thunderbird 52.0 & newer and SeaMonkey 2.46 & newer.
Notable Changes
This is a bugfix release. In addition, some locales were updated.
Bugs fixed
This version fixes a bug which blocks the mail sending process.
Notmuch 0.25 (2017-07-25)
=========================
General
-------
Add regexp searching for mid, paths, and tags.
Skip HTML tags when indexing
In particular this avoids indexing large inline images.
Command Line Interface
----------------------
Bash completion is now installed to /usr/share by default.
Allow space as separator for keyword arguments.
Emacs
-----
Support for stashing message timestamp in show and tree views
Invoking `notmuch-show-stash-date` with a prefix argument
stashes the unix timestamp of the current message instead of
the date string.
Don't use 'function' as variable name, workaround emacs bug 26406.
Library Changes
---------------
Add workaround for date parsing of bad input in older GMime
In certain circumstances, older GMime libraries could return
negative numbers when parsing syntactically invalid dates.
Replace deprecated functions with status returning versions
API of notmuch_query_{search,count}_{messages,threads} has
changed. notmuch_query_add_tag_exclude now returns a status
value.
Add support for building against GMime 3.0.
Rename libutil.a to libnotmuch_util.a.
libnotmuch SONAME is incremented to libnotmuch.so.5.
The installed cyradm shell script contained the path to the shell
in the tools directory instead of the system /bin/sh. This
happened as part of the build process by the Perl MakeMaker system
used to build the Cyrus Perl modules. Make the replacement at
post-build time to change it back to /bin/sh.
This fix was mirrored from the identical fix to the cyrus-imapd24
module by jnemeth@pkgsrc.org.
Bump the PKGREVISION of the cyrus-imapd and cyrus-imapd23 packages
due to the change in the installed script.
- Apply the qbiff-utmpx patch to (probably) fix build on FreeBSD
- Enable "qmail-srs" by default
- Add "qmail-customerror", enabled by default
- Move TLS config steps from INSTALL to MESSAGE.tls
Set PKG_SYSCONFSUBDIR where appropriate, and use {MAKE,OWN}_DIRS to
create the directory tree under ${PKG_SYSCONFDIR} instead of using
INSTALLATION_DIRS.
Bump the PKGREVISION of packages that changed due to changes in the
package install scripts.
For all services where we set procname, prefix "nb". This makes it even
harder for observers to fail to notice that this isn't a Life with qmail
install, and happens to match the log tags already being applied.
Bump version.
from /service), the rc.d script can't tell which is ours. Make and use
a pidfile.
(The other rc.d scripts set argv[0] to names that are unlikely to
collide, but there's no easy way to do that for the qmail-send process
exec'd by qmail-start.)
Bump PKGREVISION.
install-destdir and instcheck about the .gz extensions. While here,
handle INSTALL and SENDMAIL docs on case-insensitive filesystems in a
more straightforward way. Bump PKGREVISION.
being terminated with bare LFs, getting tempfailed by some SMTP servers
(such as qmail!), and getting stuck in the local queue. Tweak the EAI
patch to terminate header lines with CRLF, as unpatched qmail-remote
would have done. Submitted upstream. Bump PKGREVISION.
during the build stage, so can't use a simple REPLACE_SH.
This is a build problem that likely is only detected when
PKG_DEVELOPER=YES so bump PKGREVISION anyways.
- Collapse redundant code for invoking service-specific rc.d scripts.
- Don't try to run a service's rc.d script if it isn't enabled in rc.conf.
- Run "pause" in reverse sequence, like "stop" does.
- Support "stat", "pause", and "cont" in qmailqread.
Bump version.
Upstream changes:
1.945 2017-07-25 14:17:32-04:00 America/New_York
- fix encode-check.t to pass under legacy Test::Builder
1.944 2017-07-25 12:38:41-04:00 America/New_York
- non-trial release of header_as_obj changes
- support for supplying a non-croak encode_check (thanks, Matthew
Horsfall)
1.943 2017-06-09 19:00:09-04:00 America/New_York (TRIAL RELEASE)
- add Email::MIME::Header::AddressList and related support code
1.942 2017-03-05 08:15:00-05:00 America/New_York (TRIAL RELEASE)
- This adds ->header_as_obj to get MIME headers out of the header not
as strings, but as objects. The field-to-header mapping can be
amended with the ->set_class_for_header method.
1.941 2017-03-04 19:12:11-05:00 America/New_York (TRIAL RELEASE)
- pointless mistake release
- Remove qmail-qfilter-*-queue shell scripts, which would conflict with
the C programs of the same name included in mail/qmail 1.03nb29 with
the "qmail-rejectutils" option (enabled by default).
- Bump mail/qmail dependency to 1.03nb29.
- Shorten and improve MESSAGE.
Remove unneeded options:
- Unconditionally apply netqmail (which includes a local patch; remove it)
- Unconditionally apply bigdns, maildiruniq, outgoingip, rcptcheck, remote
- Unconditionally apply the TLS + SMTP AUTH _patch_ (not the options)
- Record all applied patches (mandatory and optional) in QMAILPATCHES
- Remove badrcptto, qregex, realrcptto, viruscan (moved to rejectutils)
Simplify packaging:
- Extract a standalone patch <https://schmonz.com/qmail/rejectutils> to
repackage the mutually conflicting recipient- and content-checking
patches as separate programs, along with wrappers for running checks
in sequence
- Extract a standalone patch <https://schmonz.com/qmail/destdir> to
build to a staging area, as non-root, without hardcoded IDs
- Run the destdir patch's `install-destdir` to make or repair the queue
and set special file permissions, obviating the need for a dependency
on mail/queue-fix and handcrafted SPECIAL_PERMS
- While here, run `instcheck` to ensure we've installed just like `make
setup check` as root would have
- Install INSTALL and SENDMAIL docs under their original names,
even on Darwin
- Avoid building catpages, since we don't install them, and remove nroff
from USE_TOOLS
Default-enable more useful options:
- "eai" (new) permits UTF-8 almost everywhere in email
- "qmail-rejectutils" (new) adds several tools for selectively
rejecting messages
- "syncdir" forces synchronous link() and related syscalls
- "tls" and "sasl", instead of causing patch conflicts, cause the TLS
and SMTP AUTH code to be included (!)
2017-07-14 Richard Russon <rich@flatcap.org>
* Translations
- Update German translation
* Docs
- compile-time output: use two lists
- doxygen: add config file
- doxygen: tidy existing comments
* Build
- fix hcachever.sh script
* Upstream
- Fix crash when $postponed is on another server.
2017-07-07 Richard Russon <rich@flatcap.org>
* Features
- Support Gmail's X-GM-RAW server-side search
- Include pattern for broken threads
- Allow sourcing of multiple files
* Contrib
- vombatidae colorscheme
- zenburn colorscheme
- black 256 solarized colorscheme
- neonwolf colorscheme
- Mutt logos
* Bug Fixes
- flags: update the hdr message last
- gpgme S/MIME non-detached signature handling
- menu: the thread tree color
- Uses CurrentFolder to populate LastDir with IMAP
- stabilise sidebar sort order
- colour emails with a '+' in them
- the padding expando '%>'
- Do not set old flag if mark_old is false
- maildir creation
- Decode CRLF line endings to LF when copying headers
- score address pattern do not match personal name
- open attachments in read-only mode
- Add Cc, In-Reply-To, and References to default mailto_allow
- Improve search for mime.types
* Translations
- Update Chinese (Simplified) translation
* Coverity defects
- dodgy buffers
- leaks in lua get/set options
- some resource leaks
* Docs
- update credits
- limitations of new-mail %f expando
- escape <>'s in nested conditions
- add code of conduct
- fix ifdef examples
- update mailmap
- Update modify-labels-then-hide
- fix mailmap
- drop UPDATING files
* Website
- Changes pages (diff)
- Update Arch distro page
- Update NixOS distro page
- Add new Exherbo distro page
- Update translation hi-score table
- Update code of conduct
- Update Newbies page
- Add page about Rebuilding the Documentation
- Add page of hard problems
* Build
- remove unnecessary steps
- drop instdoc script
- move smime_keys into contrib
- fixes for Solaris
- don't delete non-existent files
- remove another reference to devel-notes.txt
- Handle native Solaris GSSAPI.
- drop configure options --enable-exact-address
- drop configure option --with-exec-shell
- drop configure option --enable-nfs-fix
- drop configure option --disable-warnings
- Completely remove dotlock
- More sophisticated check for BDB version + support for DB6 (non default)
* Tidy
- drop VirtIncoming
- split mutt_parse_mailboxes into mutt_parse_unmailboxes
- tidy some buffy code
- tidy the version strings
* Upstream
- Add ~<() and ~>() immediate parent/children patterns
- Add L10N comments to the GNUTLS certificate prompt
- Add more description for the %S and %Z $index_format characters
- Add config vars for forwarded message attribution intro/trailer
- Block SIGWINCH during connect()
- Improve the L10N comment about Sign as
- Auto-pad translation for the GPGME key selection "verify key" headers
- Enable all header fields in the compose menu to be translated
- Force hard redraw after $sendmail instead of calling mutt_endwin
- Make GPGME key selection behavior the same as classic-PGP
- Rename 'sign as' to 'Sign as'; makes compose menu more consistent
- Change the compose menu fields to be dynamically padded
Moll in NetBSD/pkgsrc#4. From the DESCR:
mailsend is a simple command line program to send mail via SMTP protocol.
The program does not use any config file and everything needed to compose
mails (and attachments) is driven via command line parameters.
- bugfix: if password_command parameter was used with a non-existent program,
getmail would error out during the handling of that condition and not report
the problem correctly.
- new release numbering scheme; previous version numbers were just getting
too high.
- catch and ignore/exit cleanly after reset connection in IMAP IDLE mode.
Thanks: Stephan Schulz.
- allow specifying an expected SSL certificate hostname, for when the
server's certificate does not match the domain name used to connect to
it. Thanks: "Andre".
- fix error message not actually giving the header field name incorrectly
specified as containing the envelope recipient address. Thanks: Hardy
Braunsdorf.
- add new password_command configuration parameter for retrievers, allowing
getmail to retrieve the account password from any arbitrary external
command. Suggestion: "ng0".
Upstream changes:
2017-04-14: Marc Bradshaw <marc@marcbradshaw.net>
* commit aac893fdbaa7f8ccd5d37fa7f20d1785406cda51
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:53:53 2017 +1100
Avoid use of $_ in read loop
RT 106485: Mail::DKIM::PrivateKey->load tampering $_ and <FILE>
* commit 06934f259e392b2a3cf94560e6051d9e522d0bf3
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:44:44 2017 +1100
Ensure PrivateKey file is closed properly.
Store PrivateKey file handle in lexical variable and close it
once we are done.
RT 120638: Mail::DKIM::PrivateKey does not close FILE
* commit 9e7c1c4cb78a6cb1cf396ece4379c7ed2c44c974
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Feb 27 12:08:11 2015 +1100
Allow greater control over signed headers
* commit 8291c034dc7db4394e9df80e70b8cbe8428a38c2
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Jan 23 09:54:02 2015 +1100
Allow greater control over which headers are signed by Signer
NEWS:
Changes of Sylpheed
* 3.6.0 (stable)
* The Japanese manual was updated.
* 3.6.0beta1 (development)
* The feature to use multiple signatures in one account was added.
* The edit group dialog of the address book was improved to allow
multilple selection and display its available list with folder tree.
* The menu 'Tools - Open configuration/attachments folder' was added.
* Printing settings and page setup are now saved.
* The Japanese manual was updated.
* IMAP: SUBSCRIBE command is explicitly issued for a newly created folder
by CREATE.
* Unix: the search location of SSL certificates for OpenBSD was added
(#222).
* Win32: a notice about not removing user data in the installer was
modified.
Changelog:
52.2.1
Fixed Problems with Gmail (folders not showing, repeated email download, etc.) introduced in version 52.2.0.
52.2.0
Fixed Embedded images not shown in email received from Hotmail/Outlook webmailer
Fixed Detection of non-ASCII font names in font selector
Fixed Attachment not forwarded correctly under certain circumstances
Fixed Multiple requests for master password when GMail OAuth2 is enabled
Fixed Large number of blank pages being printed under certain circumstances when invalid preferences were present
Fixed Messages sent via the Simple MAPI interface are forced to HTML
Fixed Calendar: Invitations can't be printed
Fixed Mailing list (group) not accessible from macOS or Outlook address book
Fixed Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
Fixed Various security fixes
#CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
#CVE-2017-7749: Use-after-free during docshell reloading
#CVE-2017-7750: Use-after-free with track elements
#CVE-2017-7751: Use-after-free with content viewer listeners
#CVE-2017-7752: Use-after-free with IME input
#CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
#CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
#CVE-2017-7757: Use-after-free in IndexedDB
#CVE-2017-7758: Out-of-bounds read in Opus encoder
#CVE-2017-7763: Mac fonts render some unicode characters as spaces
#CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
#CVE-2017-7765: Mark of the Web bypass when saving executable files
#CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2
52.1.1
Fixed Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use
Fixed Unable to load full message via POP if message was downloaded partially (or only headers) before
Fixed Some attachments can't be opened or saved if the message body is empty
Fixed Crash when compacting IMAP folder
* This release adjusts Pigeonhole to several changes in the Dovecot API,
making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole
will produce compile warnings with the recent Dovecot releases (but
still work ok).
- Fixed bug in handling of implicit keep in some cases. Implicit
side-effects, such as assigned flags, were not always applied
correctly. This is in essence a very old bug, but it was exposed by
recent changes.
- include extension: Fixed segfault that (sometimes) occurred when the
global script location was left unconfigured.
* LMTP: Removed "(Dovecot)" from added Received headers. Some
installations want to hide it, and there's not really any good reason
for anyone to have it.
+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ dsync/imapc, pop3-migration plugin: Strip trailing whitespace from
headers when matching mails. This helps with migrations from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox dovecot-acl files.
+ Parse invalid message addresses better. This mainly affects the
generated IMAP ENVELOPE replies.
- v2.2.30 wasn't fixing corrupted dovecot.index.cache files properly.
It could have deleted wrong mail's cache or assert-crashed.
- v2.2.30 mail-crypt-acl plugin was assert-crashing
- v2.2.30 welcome plugin wasn't working
- Various fixes to handling mailbox listing. Especially related to
handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
- Global ACL file was parsed as if it was local ACL file. This caused
some of the ACL rule interactions to not work exactly as intended.
- auth: forward_* fields didn't work properly: Only the first forward
field was working, and only if the first passdb lookup succeeded.
- Using mail_sort_max_read_count sometimes caused "Broken sort-*
indexes, resetting" errors.
- Using mail_sort_max_read_count may have caused very high CPU usage.
- Message address parsing could have crashed on invalid input.
- imapc_features=fetch-headers wasn't always working correctly and
caused the full header to be fetched.
- imapc: Various bugfixes related to connection failure handling.
- quota=imapc sent unnecessary FETCH RFC822.SIZE to server when
expunging mails.
- quota=count: quota_warning = -storage=.. was never executed
- quota=count: Add support for "ns" parameter
- dsync: Fix incremental syncing for mails that don't have Date or
Message-ID headers.
- imap: Fix hang when client sends pipelined SEARCH +
EXPUNGE/CLOSE/LOGOUT.
- oauth2: Token validation didn't accept empty server responses.
- imap: NOTIFY command has been almost completely broken since the
beginning. I guess nobody has been trying to use it.
